it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
List archive
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5886-1] ruby-rack security update
- Date: Tue, 25 Mar 2025 19:30:32 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/Z+MEWMAyiT3VzZkb AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Tue, 25 Mar 2025 19:30:54 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <XzS9u5ONWND.A.JmhF.uRw4nB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5886-1                   security AT debian.org
https://www.debian.org/security/                          Moritz Muehlenhoff
March 25, 2025                           https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-rack
CVE ID         : CVE-2025-25184 CVE-2025-27111 CVE-2025-27610

Multiple security issues were found in Rack, an interface for developing
web applications in Ruby, which could result in log injection or
information disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 2.2.13-1~deb12u1.

We recommend that you upgrade your ruby-rack packages.

For the detailed security status of ruby-rack please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----